[vox-tech] Building Apache Mod_Perl Mod_SSL

Jay Strauss vox-tech@lists.lugod.org
Fri, 4 Apr 2003 09:58:47 -0600 

Apache Apache-Perl Mod_SSL Mod_Perl DSO Debian Woody

Here's how I built an apache server with Mod_Perl and Mod_SSL (from what I
remember), using packaged products (verses doing it from source).  I'm not
very experienced (read newbie) with apache configuration, so I'm sure there
is a better, more proper way to do the apache config, later in this email

su - root

# First I get some some packages that perl uses
apt-get install unzip
apt-get install ncftp
apt-get install libgdbmg1-dev

# Next I used CPAN (for the first time) to get some perl packages need for
CPAN and Apache and HTML stuff
perl -MCPAN -e shell
install Bundle::CPAN
reload cpan
install Bundle::libnet
HTTP::Date
Time::HiRes
Bundle::DBI
Bundle::Apache

# Then I installed Apache-Perl (which is the deb package which is an Apache
server with a statically linked Mod_Perl)
apt-get install apache-perl

# Then I installed libapache-mod-ssl, which is the DSO for mod_ssl (duh)
apt-get install libapache-mod-ssl

Now apache-perl is installed at: /etc/apache-perl (not there is also an
/etc/apache, this is not used)
Under this directory you must edit the httpd.conf file and add:

LoadModule ssl_module /usr/lib/apache/1.3/mod_ssl.so

# Note I stuck the ssl config in a different file just to separate things
<IfModule mod_ssl.c>
   Include ssl.conf
</IfModule>

Also within the httpd.conf (where the example Listen statements are) you
must add:
Listen 443
Listen 80

Now create a ssl.conf file in the /etc/apache-perl directory like:

SSLMutex file:/var/log/apache-perl/ssl_mutex
SSLRandomSeed connect file:/dev/urandom 1024
SSLSessionCache dbm:/var/log/apache-perl/ssl_global_cache_data

<VirtualHost _default_:443>

   ServerName server.YourDomain.com
   DocumentRoot /var/www

   SSLEngine on
   SSLCertificateFile ssl.crt/server.crt
   SSLCertificateKeyFile ssl.key/server.key

   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

</VirtualHost>

Next, you gotta build your certificate (for ssl).
# Create a certificate
# (stolen from http://raibledesigns.com/tomcat/ssl-howto.html)
#(which stole from http://www.apache-ssl.org/#FAQ)

openssl req -new -out server.csr
openssl rsa -in privkey.pem -out server.key
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days
365

mv server.key ssl.key
mv server.crt ssl.crt
mv server.csr ssl.csr
#not sure what to do with privkey.pem

Then you can fire up your apache server like:
apache-perl-ctl start
and stop it like
apache-perl-ctl stop

If you use these instructions and it doesn't work, email me I'll try to
help, also I'd like to see where these instructions are incomplete

Jay